[Date Prev][Date Next] [Chronological] [Thread] [Top]

DO script IF ldap-useraccount GETS LOCKED ...

Hi Gurus out there!

Is there a Way to have OpenLDAP start a script that kicks in whenever a LDAP User-Object got locked down ?? (through manual lock OR more important, through a intruder detection / x failed logon attempts )

My Problem is that whenever a LDAP Account got locked because of exceeding max. failed logon attempts the corresponding SAMBA Account (same LDAP Object) is still "unlocked". So when however the user cannot log back in to LDAP, he is still able to log in on Windows-workstation (samba) and reset his password. But reseting his SAMBA Password through Windows PC does also reset his LDAP Password through Password-Syncronisation. That means that his Locked LDAP Account is again "unlocked" because Samba's LDAP-Admin reseted the Password of my locked LDAP User.

So i want to make sure that if he fucks up his LDAP account , his SAMBA account will also be disabled.

Some Hook for a custom script would be fine. But is there something like that ?
Any other Ideas how to manage that ?